Your printer could be the hole in your security

Security outfit ExpressVPN has penned a report showing how your printer could be the hole in your security.

According to the report, when you print, scan, or copy a document at home or in the office, it might look like any other document to your eyes. But, unbelievably, data on the page make it possible to track almost every document you’ve ever scanned, printed, or photocopied back to you.

All modern printers keep some form of log. Depending on the make and model, the logs can be highly intrusive and even go as far as indefinitely retaining full copies of all material.

Printer logs can be a substantial and unexpected privacy risk, especially if they contain sensitive and personal information. This is a significant risk when disposing of or selling old printers, as people are rarely aware of how to wipe or destroy the hard drive safely.

In shared printers, information logs will also include which computer connected to the printer and submitted the printing job. If the printer uses no authentication system, or if enough people share the same credentials (e.g., one password for the entire user base), it is possible to hide the identity of whoever is printing a document by using an operating system like TAILS, but not the contents of the document.

The only way to prevent printer logs from identifying you it is to own and control the printer and know how to delete the logs.

Every modern printer will leave tiny, barely visible traces on each paper that passes through that identifies the printer by its serial number.

Also referred to as printer stenography, the technique was introduced to trace counterfeit bank notes. After finding fake money, authorities can find out when the bills were printed and what printer they came from. Then, using records from the printer manufacturer, officials can trace the supply chain down to where the printer was sold. Through security cameras, licence plate readers, or credit card records, it’s then possible to track all the way to the end user.

It’s not easy to protect yourself from this technique, as reprogramming the device might not be feasible. Sometimes removing colour cartridges also remove the dots, but it would still require meticulous visual inspection. Some printers will also refuse to print black and white documents if no colour cartridge is inserted.

However, buying a used printer from Craigslist might hinder any search enough to stop them physically locating you.

While ExpressVPN said it was unaware of any cases, printers also may theoretically contain malware that scans your documents for information such as Bitcoin private keys or recovery codes.

As Bitcoin gets more widely used, printer malware will become more likely, especially since modern printers connect to the open internet and might not receive the same attention as personal computers—especially when it comes to updates.

When backing up your Bitcoin wallets, it’s always preferable to write the backup phrases down by hand, rather than printing them out. When printing public keys, addresses, or QR codes, make sure that they have not been changed to, for example, trick you into sending funds to somebody else, the report said.

"When it comes to maintaining your privacy, printers won’t be of much help. In fact, there’s not much we can say other than to avoid physical messages altogether when you want to remain anonymous. In regards to security, pen and paper might be the best options. And, if you need to back up your Bitcoin seed phrases or other sensitive data, definitely use a pen and paper", it concludes